From owner-freebsd-current  Thu Feb 29 09:09:13 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id JAA23154
          for current-outgoing; Thu, 29 Feb 1996 09:09:13 -0800 (PST)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id JAA23145
          Thu, 29 Feb 1996 09:09:08 -0800 (PST)
Received: from localhost.shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.4/8.7.3) with SMTP id JAA05845; Thu, 29 Feb 1996 09:07:06 -0800 (PST)
Message-Id: <199602291707.JAA05845@precipice.shockwave.com>
To: Poul-Henning Kamp <phk@critter.tfs.com>
cc: Joe Greco <jgreco@brasil.moneng.mei.com>,
        fenner@parc.xerox.com (Bill Fenner), nate@sri.MT.net,
        stable@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: IPFW (was: Re: -stable hangs at boot) 
In-reply-to: Your message of "Thu, 29 Feb 1996 09:53:35 +0100."
             <2612.825584015@critter.tfs.com> 
Date: Thu, 29 Feb 1996 09:07:06 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-current@FreeBSD.ORG
Precedence: bulk

On sites that I run, my filter rules -start- with:

deny <my networks> any
deny <multicast and above> any
deny 127.0.0.0 0.255.255.255 any
deny 0.0.0.0   0.255.255.255 any
deny <1597 nets> any

The idea is that you want to block off all source addresses that you should
never expect to see.  127 is a favorite of mine, because a lot of people have
localhost in their hosts.equiv files.

Paul